Refactor patch for properly fixing CVE-2016-5636
This commit is contained in:
parent
e8d957d10d
commit
8231a6035b
|
@ -0,0 +1,39 @@
|
|||
From ae99040f6c1f329d6b6c984f39c920f09d383925 Mon Sep 17 00:00:00 2001
|
||||
From: Charalampos Stratakis <cstratak@redhat.com>
|
||||
Date: Mon, 11 Jul 2016 11:21:29 +0200
|
||||
Subject: [PATCH] CVE-2016-5636 fix
|
||||
|
||||
---
|
||||
Modules/zipimport.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/Modules/zipimport.c b/Modules/zipimport.c
|
||||
index 8fe9195..f72e89f 100644
|
||||
--- a/Modules/zipimport.c
|
||||
+++ b/Modules/zipimport.c
|
||||
@@ -1071,6 +1071,10 @@ get_data(PyObject *archive, PyObject *toc_entry)
|
||||
&date, &crc)) {
|
||||
return NULL;
|
||||
}
|
||||
+ if (data_size < 0) {
|
||||
+ PyErr_Format(ZipImportError, "negative data size");
|
||||
+ return NULL;
|
||||
+ }
|
||||
|
||||
fp = _Py_fopen_obj(archive, "rb");
|
||||
if (!fp) {
|
||||
@@ -1111,6 +1115,11 @@ get_data(PyObject *archive, PyObject *toc_entry)
|
||||
}
|
||||
file_offset += l; /* Start of file data */
|
||||
|
||||
+ if (data_size > LONG_MAX - 1) {
|
||||
+ fclose(fp);
|
||||
+ PyErr_NoMemory();
|
||||
+ return NULL;
|
||||
+ }
|
||||
bytes_size = compress == 0 ? data_size : data_size + 1;
|
||||
if (bytes_size == 0)
|
||||
bytes_size++;
|
||||
--
|
||||
2.7.4
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
diff --git a/Modules/zipimport.c b/Modules/zipimport.c
|
||||
index 06abb31..914bf5d 100644
|
||||
--- a/Modules/zipimport.c
|
||||
+++ b/Modules/zipimport.c
|
||||
@@ -1112,6 +1112,11 @@ get_data(PyObject *archive, PyObject *toc_entry)
|
||||
}
|
||||
file_offset += l; /* Start of file data */
|
||||
|
||||
+ if (data_size > LONG_MAX - 1) {
|
||||
+ fclose(fp);
|
||||
+ PyErr_NoMemory();
|
||||
+ return NULL;
|
||||
+ }
|
||||
bytes_size = compress == 0 ? data_size : data_size + 1;
|
||||
if (bytes_size == 0)
|
||||
bytes_size++;
|
16
python3.spec
16
python3.spec
|
@ -140,7 +140,7 @@
|
|||
Summary: Version 3 of the Python programming language aka Python 3000
|
||||
Name: python3
|
||||
Version: %{pybasever}.3
|
||||
Release: 10%{?dist}
|
||||
Release: 11%{?dist}
|
||||
License: Python
|
||||
Group: Development/Languages
|
||||
|
||||
|
@ -730,11 +730,14 @@ Patch203: 00203-disable-threading-test-koji.patch
|
|||
# openssl requires DH keys to be > 768bits
|
||||
Patch204: 00204-increase-dh-keys-size.patch
|
||||
|
||||
# https://bugs.python.org/issue26171
|
||||
# 00209 #
|
||||
# CVE-2016-5636: http://seclists.org/oss-sec/2016/q2/560
|
||||
# rhbz#1345859: https://bugzilla.redhat.com/show_bug.cgi?id=1345859
|
||||
# https://hg.python.org/cpython/rev/10dad6da1b28/
|
||||
# https://hg.python.org/cpython/rev/5533a9e02b21
|
||||
# Fix possible integer overflow and heap corruption in zipimporter.get_data()
|
||||
# FIXED UPSTREAM
|
||||
Patch209: 00209-prevent-buffer-overflow-in-zipimport-module.patch
|
||||
# FIXED UPSTREAM: https://bugs.python.org/issue26171
|
||||
Patch209: 00209-CVE-2016-5636-buffer-overflow-in-zipimport-module-fix.patch
|
||||
|
||||
# 00210 #
|
||||
# CVE-2016-0772 python: smtplib StartTLS stripping attack
|
||||
|
@ -1947,7 +1950,10 @@ rm -fr %{buildroot}
|
|||
# ======================================================
|
||||
|
||||
%changelog
|
||||
* Fri Jul 08 2016 Charalampos Stratakis <cstratak@redhat.com> - 3.4.3-10
|
||||
* Mon Jul 11 2016 Charalampos Stratakis <cstratak@redhat.com> - 3.4.3-11
|
||||
- Refactor patch for properly fixing CVE-2016-5636
|
||||
|
||||
* Mon Jul 11 2016 Charalampos Stratakis <cstratak@redhat.com> - 3.4.3-10
|
||||
- Fix test_pyexpat failure with Expat version of 2.2.0
|
||||
|
||||
* Fri Jun 24 2016 Tomas Orsava <torsava@redhat.com> - 3.4.3-9
|
||||
|
|
Loading…
Reference in New Issue